Prior to the wannacry attack in May 2017, many companies in Singapore thought that their sites does not have anything worth being hacked for and as such, neglected in up keeping their IT Security. However, as bad as it may sound. majority of the sites/server compromised are not to steal or deface your site. but instead, using your server as a source for spams mail or storing of software to serve for illegal purposes.
Though commonly, compromised server are often used as botnet or to mine bitcoin.
As such, today blog post will serve as a few common exploit as well as tips to safeguard your websites from black hat hackers.
1. SQL INJECTION
SQL injection is basically an attack where hackers use web form like login to insert specific codes to gain access or manipulate your database. when standard transact SQL is being used, one can just used ‘ OR ‘1’=’1′ — to gain access to one database. To fix this, one should always explicitly parameterising it.
3. Error Message
Information in error page may give you away in your error messages. Provide only minimal errors to your users, to ensure they don’t leak secrets present on your server (e.g. API keys or database passwords). Don’t provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.
So there you go, this 3 IT Security tips should ensure your site be protected from entry level hackers or better known as script kiddies. in the next security blog we will talk more on comprehensive attacks that mid-high level hackers will use on sites.
For more concerned individual 8 GB Technologies is providing a free website audit to better help you understand what are the vulnerability found in your website.
Let’s us all keep the internet safe for our users.
8 GB Technologies